Obtaining Bucket Encryption Configuration
Functions
OBS uses the GET method to obtain the encryption configuration of a specified bucket.
To perform this operation, you must have the GetEncryptionConfiguration permission. By default, only the bucket owner can delete the tags of a bucket. The bucket owner can allow other users to perform this operation by setting a bucket policy or granting them the permission.
For more information about permission control, see the permission control in the OBS Permission Configuration Guide.
Authorization Information
To call this API, you must be the bucket owner or have the permission to obtain the encryption configuration of a bucket. You are advised to use IAM or bucket policies for authorization. For details about OBS authorization methods, see Differences Between OBS Permissions Control Methods.
- If you use IAM for authorization, you need to use either role/policy-based authorization or identity policy-based authorization and configure the required permissions:
- If you use role/policy-based authorization (IAM v3 APIs in the old IAM version), you need to grant the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom IAM Policy.
- If you use identity policy-based authorization (IAM v5 APIs in the new IAM version), you need to grant the obs:bucket:getEncryptionConfiguration permission, as shown in the following table. For details, see Creating a Custom IAM Identity Policy.
Action
Access Level
Resource Type (*: Required)
Dependencies
obs:bucket:getEncryptionConfiguration
Read
bucket *
-
-
-
- obs:EpochTime
- obs:SourceIp
- obs:TlsVersion
- obs:CustomDomain
- If you use bucket policies for authorization, you need to grant the obs:bucket:GetEncryptionConfiguration permission. For details, see Creating a Custom Bucket Policy.
Request Syntax
1 2 3 4 5 6 |
GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: bucketname.obs.region.myhuaweicloud.com Accept: */* Date: date Authorization: authorization string |
Request parameters
This request contains no message parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
This request involves no elements.
Response Syntax
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
HTTP/1.1 status_code x-obs-request-id: request id x-obs-id-2: id Content-Type: application/xml Content-Length: length Date: date <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>kmskeyid-value</KMSMasterKeyID> <ProjectID>projectid</ProjectID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
Response Headers
The response to the request uses common headers. For details, see Table 1.
Response Elements
This response contains the following elements to detail bucket encryption configuration:
|
Parameter |
Type |
Description |
|---|---|---|
|
ServerSideEncryptionConfiguration |
Container |
Definition: Root element of the default bucket encryption configuration. ServerSideEncryptionConfiguration is the parent node of Rule. Range: None |
|
Rule |
Container |
Definition: Child element of the default bucket encryption configuration. Rule is the parent node of ApplyServerSideEncryptionByDefault. Range: For details, see Rule parameters. |
|
Parameter |
Type |
Description |
|---|---|---|
|
ApplyServerSideEncryptionByDefault |
Container |
Definition: The child element of the default bucket encryption configuration. Range: For details, see Table 3. |
|
Parameter |
Type |
Description |
|---|---|---|
|
SSEAlgorithm |
String |
Definition: Server-side encryption algorithm used for the default encryption configuration of a bucket. Range:
|
|
KMSMasterKeyID |
String |
Definition: KMS master key ID used in SSE-KMS encryption. Range:
In the preceding formats:
|
|
ProjectID |
String |
Definition: ID of the project where the KMS master key belongs when SSE-KMS is used. Range: Project ID that matches KMSMasterKeyID, that is, the ID of the project to which the master key with the specified KMSMasterKeyID belongs |
Error Responses
In addition to common error codes, this API also returns others. The following table lists common errors and possible causes. For details, see Table 4.
Sample Request
1 2 3 4 5 6 |
GET /?encryption HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: Thu, 21 Feb 2019 03:05:34 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:DpSAlmLX/BTdjxU5HOEwflhM0WI= |
Sample Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF26000001643670AC06E7B9A7767921 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCSvK6z8HV6nrJh49gsB5vqzpgtohkiFm Date: Thu, 21 Feb 2019 03:05:34 GMT Content-Length: 788 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ServerSideEncryptionConfiguration xmlns="http://obs.region.myhuaweicloud.com/doc/2015-06-30/"> <Rule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>kms</SSEAlgorithm> <KMSMasterKeyID>4f1cd4de-ab64-4807-920a-47fc42e7f0d0</KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> <BucketKeyEnabled>true</BucketKeyEnabled> </Rule> </ServerSideEncryptionConfiguration> |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
